apunkt/nyx
1
0
Fork 0
mirror of https://github.com/elicpeter/nyx.git synced 2026-06-12 19:55:14 +02:00
Code Issues Projects Releases Packages Wiki Activity

Dynamic (#77)

Browse source
This commit is contained in:
Eli Peter 2026-06-05 10:16:30 -05:00 committed by GitHub
parent 55247b7fcd
commit 991c84a1eb
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1464 changed files with 225448 additions and 1985 deletions
Download patch file Download diff file Expand all files Collapse all files

12
tests/dynamic_fixtures/unauthorized_id/python/benign.py Normal file
View file

@ -0,0 +1,12 @@
# Phase 11 (Track J.9) — Python UNAUTHORIZED_ID benign control fixture.
#
# Compares `owner_id` against the authenticated caller and returns
# `None` for any boundary-crossing request.
_STORE = {"alice": {"email": "alice@x"}, "bob": {"email": "bob@x"}}
_CALLER_ID = "alice"
def run(owner_id):
if owner_id != _CALLER_ID:
return None
return _STORE.get(owner_id)

11
tests/dynamic_fixtures/unauthorized_id/python/vuln.py Normal file
View file

@ -0,0 +1,11 @@
# Phase 11 (Track J.9) — Python UNAUTHORIZED_ID vuln fixture.
#
# Looks up a record by `owner_id` without checking it against the
# authenticated caller; an attacker who supplies another user's id
# reads that user's record.
_STORE = {"alice": {"email": "alice@x"}, "bob": {"email": "bob@x"}}
_CALLER_ID = "alice"
def run(owner_id):
return _STORE.get(owner_id)